ntlm-relay-coercion
Audited by Socket on Apr 9, 2026
2 alerts found:
Malware x2
This fragment is explicitly an offensive, actionable playbook for NTLM authentication coercion and relay-based Active Directory compromise, including identity/authorization-impact outcomes (RBCD, shadow credentials, ADCS relay, and DCSync-style effects). There is no indication of benign functionality; it is best treated as high-malicious-content supply-chain risk if present in a dependency.
MALICIOUS: the skill’s footprint is fundamentally offensive and centers on credential capture, relay, coercion, and privilege escalation against Active Directory targets. The tooling references are mostly legitimate red-team tools, so this is not mainly a supply-chain scam, but the skill is incompatible with benign assistant use because it teaches and enables network intrusion and post-auth abuse.